n8n Exposes Servers To Remote Code Execution

n8n disclosed multiple expression-evaluation vulnerabilities (CVE-2026-25049) in a security advisory published Wednesday that could allow authenticated users to execute system commands and hijack servers. The flaws carry a CVSS score of 9.4 and follow a prior December 2025 RCE; maintainers and researchers say exploits can expose API keys and cloud/AI credentials. Patches are available and users are urged to update immediately, audit permissions, and rotate credentials.